Follow these steps to configure a keyring for use by Daemon Secure Sockets Layer.
About this task
Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere® Application Server, Network Deployment) to perform these steps:
Procedure
- Create a keyring for the daemon’s MVS user ID to own. Generally, this is the same keyring name that was created for your application servers. Issue the following TSO command:
  RACDCERT ADDRING(keyringname) ID(daemonUserid)
- Generate a digital certificate for the daemon’s MVS user ID to own by issuing the following TSO command:
  RACDCERT ID(daemonUserid) GENCERT SUBJECTSDN(CN('create a unique CN') O('IBM'))
  WITHLABEL('labelName') SIGNWITH(CERTAUTH LABEL('WebSphereCA'))
- Connect the generated certificate to the daemon’s keyring by issuing the following TSO command:
  RACDCERT ID(daemonUserid) CONNECT (LABEL('labelName') RING(keyringname) DEFAULT)
- Connect the certificate authority (CA) certificate to the server’s keyring by issuing the following TSO command:
  RACDCERT CONNECT (CERTAUTH LABEL('WebSphereCA') RING(keyringname))
Results
Tip: The CA certificate that is generated during configuration (WAS Test CertAuth) is an example. Use the CA you normally use to create user certificates, and connect the CA certificate to the daemon and server keyrings.
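A batch TSO job that checks the result of the procedure above (an added example, not part of the original documentation). The job card values and step name are assumptions; keyringname, daemonUserid, labelName and WebSphereCA are the page's placeholders and must be replaced with your own values.

```jcl
//RINGCHK  JOB (ACCT),'DAEMON KEYRING',CLASS=A,MSGCLASS=X
//*
//* Added example: verify the daemon keyring after the RACDCERT steps.
//* Job card values are assumptions; adjust to site standards.
//*
//* Command 1: if the DIGTCERT or DIGTRING class is RACLISTed, the
//*            in-storage profiles must be refreshed before the new
//*            certificate and ring are seen. Remove the command if
//*            the classes are not RACLISTed at your site.
//* Command 2: list the ring. Expect two entries:
//*              labelName    owner ID(daemonUserid)  usage PERSONAL
//*                           DEFAULT YES
//*              WebSphereCA  owner CERTAUTH          usage CERTAUTH
//* Command 3: list the daemon certificate. Check the status, the
//*            validity dates, the issuer's name, and that a private
//*            key is present.
//* Command 4: list the signing CA certificate. Check the status
//*            and the validity dates.
//*
//VERIFY   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH
  RACDCERT ID(daemonUserid) LISTRING(keyringname)
  RACDCERT ID(daemonUserid) LIST(LABEL('labelName'))
  RACDCERT CERTAUTH LIST(LABEL('WebSphereCA'))
/*
```

The command output is written to SYSTSPRT. A ring that lists no DEFAULT certificate, or that lacks the CA entry, means one of the CONNECT steps did not apply to this ring.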